Home page logo
/

basics logo Security Basics mailing list archives

RE: NAT external/Public IP
From: Jason Alexander <jalexander () plus net>
Date: Fri, 26 Oct 2007 09:19:21 +0100

Looks like a requirement?

<snip>1.5 Implement IP masquerading to prevent internal addresses from being translated and revealed on the Internet. 
Use technologies that implement RFC 1918 address space, such as port address translation (PAT) or network address 
translation (NAT).<snip>

-----Original Message-----
From: Eric Furman [mailto:ericfurman () fastmail net] 
Sent: 25 October 2007 18:13
To: Jason Alexander; Security Basics
Subject: RE: NAT external/Public IP

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com]
On Behalf Of Ansgar -59cobalt- Wiechers
Sent: 25 October 2007 15:49
To: security-basics () securityfocus com
Subject: Re: NAT external/Public IP

On 2007-10-25 crazy frog crazy frog wrote:
On 24 Oct 2007 15:46:21 -0000, smarts_buy () yahoo com wrote:
Would like know is ther any security concern to bring in 
external/public IP with out NAT to inside of the enterprise network.
Is it any way more secure if we use NAT?
[...]
2)If you allow lots of machine to direct access the internet with 
external ip they may pose a security risk.

How would that pose a risk that would not exist with NAT'ed machines?

On Thu, 25 Oct 2007 16:28:13 +0100, "Jason Alexander"
<jalexander () plus net> said:
 If its not a security risk then why is it a PCI requirement?


If you are talking about Payment Card Industry (PCI) Data Security Standard, there isn't one for NAT.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]